Project
Description
Open-source host-level security for AI agents (MIT licensed):
- Host Guardian — 4 permission tiers (observer/worker/standard/full) enforced at runtime
- Forbidden zones — Auto-protects SSH keys, AWS creds, GPG keys, browser data, crypto wallets (20+ patterns)
- Credential monitoring — Watches sensitive directories for unauthorized access
- Skill integrity checking — Hash-based verification + 14 suspicious pattern detectors
- Network egress logging — URL extraction, domain allow/blocklists, 26 blocked domains
- Prompt injection scanning — Multi-layer detection (regex + heuristics)
- Inter-agent message scanning — 10 agent-specific attack patterns
- Policy engine — YAML-based rules for shell, file, browser, network
- Audit trail — Full logging + alert delivery (webhook/file/console)
Key Differentiator
Most AI security tools focus on the prompt/model layer. ClawMoat is the only open-source tool focused on host-level protection — what the agent can actually do on your machine.
Technical Details
- Zero dependencies (pure Node.js)
- Sub-millisecond scanning
- 142 tests passing
- OWASP Top 10 Agentic AI coverage
- Works with any agent framework (LangChain, CrewAI, AutoGen, OpenClaw)
Suggested Section
Runtime Security or Agent Security
Website: https://clawmoat.com
Project
Description
Open-source host-level security for AI agents (MIT licensed):
Key Differentiator
Most AI security tools focus on the prompt/model layer. ClawMoat is the only open-source tool focused on host-level protection — what the agent can actually do on your machine.
Technical Details
Suggested Section
Runtime Security or Agent Security
Website: https://clawmoat.com